NPM Verdaccio - 设置上行链路到自己的远程服务器
NPM Verdaccio - set uplink to own remote server
我刚刚在我们的本地网络中构建了一个 NPM Verdaccio 私有注册表服务器,我想配置一个 UPLINK 到我们托管在 AWS 上的远程 NPM Verdaccio 服务器(并保留原始的 npmjs 注册表)。
来自 Verdaccio 的片段 config.yaml
uplinks:
npmjs:
url: https://registry.npmjs.org/
our-NPM-AWS-server:
url: https://our-NPM-AWS-server.com
根据文档 (Verdaccio_UPLINK),无论如何,我必须在那里设置身份验证参数。
我找到了 UPLINKS here - uplink authorization & here - getting an Auth Token 的用法,但这让我很困惑,因为我不确定要将什么设置为 AUTH 方法:
auth:
token:
type: bearer | basic,
token: "token",
token_env: true | <get name process.env> `NPM_TOKEN`
我找不到任何可以指导我的教程,所以我想寻求一些见解和帮助 - 在内部 NPM 服务器和远程 NPM AWS 服务器上设置什么是必要的。
配置:
内部 NPM 服务器
ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listens on http://127.0.0.1:4873)
AWS 上的远程自己的 NPM 服务器
ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible only via 443 from the outside (proxy_http listens on http://127.0.0.1:4873 with an url_prefix: https://our-NPM-AWS-server.com)
两台服务器都正常运行(您可以使用您的NPM帐户登录那里,推送包等)。
非常感谢
编辑 2018-04-26
AWS NPM 服务器已注册到应用程序 ELB,它在端口 443 上侦听。AWS NPM 服务器在端口 443 上侦听并且位于私有子网中。
我尝试将 AWS Verdaccio 实例放入 public 子网并在没有 ELB 的情况下直接访问它,但是它没有任何影响并且行为是相同的。
AWS NPMconfig.yaml文件
UPLINKS 部分未更改
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $authenticated
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
我试过设置
'**':
access: $all
但是,没有任何效果。
Internal Verdaccio Serverconfig.yaml
uplinks:
aws:
url: https://our-NPM-AWS-server.com/
#strictUrlMatch: false
headers:
authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: aws
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: aws
在内部 Verdaccio 实例上,我尝试从 AWS Verdaccio 实例获取一些包
npm pack --verbose verdaccio-bitbucket
这是来自 AWS Verdaccio 的日志:
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}
这是来自 Internal Verdaccio 的日志,其中命令 运行 来自:
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
您的配置是正确的,但有点错误。让我修复它。
uplinks:
aws:
url: https://our-NPM-AWS-server.com/
#strictUrlMatch: false
headers:
authorization: "Bearer <token_which_I_harvested_from_/.npmrc_file>"
不要使用 Basic,它是 Bearer verdaccio 使用 JWT,不幸的是,verdaccio 中间件不接受 bearer 小写(它接受自 verdaccio@v3.0.0-beta.7).
For clarification about Basis and JWT. Since version verdaccio@2.3.0 all tokes are generated with JWT library, somehow, for legacy/unit testing reasons we still accept Basis authentification headers, but, all new tokens generated since verdaccio@2.3.0 must use Bearer in headers instead Basis.
我会报告一些问题 Github,虽然都是小问题,但仍然会导致像这样的问题。
希望对您有所帮助。
我刚刚在我们的本地网络中构建了一个 NPM Verdaccio 私有注册表服务器,我想配置一个 UPLINK 到我们托管在 AWS 上的远程 NPM Verdaccio 服务器(并保留原始的 npmjs 注册表)。
来自 Verdaccio 的片段 config.yaml
uplinks:
npmjs:
url: https://registry.npmjs.org/
our-NPM-AWS-server:
url: https://our-NPM-AWS-server.com
根据文档 (Verdaccio_UPLINK),无论如何,我必须在那里设置身份验证参数。 我找到了 UPLINKS here - uplink authorization & here - getting an Auth Token 的用法,但这让我很困惑,因为我不确定要将什么设置为 AUTH 方法:
auth:
token:
type: bearer | basic,
token: "token",
token_env: true | <get name process.env> `NPM_TOKEN`
我找不到任何可以指导我的教程,所以我想寻求一些见解和帮助 - 在内部 NPM 服务器和远程 NPM AWS 服务器上设置什么是必要的。
配置:
内部 NPM 服务器
ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listens on http://127.0.0.1:4873)
AWS 上的远程自己的 NPM 服务器
ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible only via 443 from the outside (proxy_http listens on http://127.0.0.1:4873 with an url_prefix: https://our-NPM-AWS-server.com)
两台服务器都正常运行(您可以使用您的NPM帐户登录那里,推送包等)。
非常感谢
编辑 2018-04-26
AWS NPM 服务器已注册到应用程序 ELB,它在端口 443 上侦听。AWS NPM 服务器在端口 443 上侦听并且位于私有子网中。 我尝试将 AWS Verdaccio 实例放入 public 子网并在没有 ELB 的情况下直接访问它,但是它没有任何影响并且行为是相同的。
AWS NPMconfig.yaml文件 UPLINKS 部分未更改
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $authenticated
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
我试过设置
'**':
access: $all
但是,没有任何效果。
Internal Verdaccio Serverconfig.yaml
uplinks:
aws:
url: https://our-NPM-AWS-server.com/
#strictUrlMatch: false
headers:
authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: aws
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: aws
在内部 Verdaccio 实例上,我尝试从 AWS Verdaccio 实例获取一些包
npm pack --verbose verdaccio-bitbucket
这是来自 AWS Verdaccio 的日志:
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}
这是来自 Internal Verdaccio 的日志,其中命令 运行 来自:
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
您的配置是正确的,但有点错误。让我修复它。
uplinks:
aws:
url: https://our-NPM-AWS-server.com/
#strictUrlMatch: false
headers:
authorization: "Bearer <token_which_I_harvested_from_/.npmrc_file>"
不要使用 Basic,它是 Bearer verdaccio 使用 JWT,不幸的是,verdaccio 中间件不接受 bearer 小写(它接受自 verdaccio@v3.0.0-beta.7).
For clarification about Basis and JWT. Since version verdaccio@2.3.0 all tokes are generated with JWT library, somehow, for legacy/unit testing reasons we still accept Basis authentification headers, but, all new tokens generated since verdaccio@2.3.0 must use Bearer in headers instead Basis.
我会报告一些问题 Github,虽然都是小问题,但仍然会导致像这样的问题。
希望对您有所帮助。